INCO-TRUST. INCO-TRUST: to set up a co-operation framework based on mutual interests & capabilities! Canada US S. Korea Japan.

Transcription

1 INCO-TRUST: Intl Co-Operation in Trustworthy, Secure and Dependable ICT Infrastructures Neeraj Suri, TU Darmstadt, Germany James Clarke, Waterford Institute of Technology, Ireland

2 INCO-TRUST Canada US S. Korea Japan Australia INCO-TRUST: to set up a co-operation framework based on mutual interests & capabilities!

3 The Mechanisms INCO-TRUST Intl. Cooperation in ICT Security & Trust USA (NSF, DHS), Japan (JST), Australia (NICTA), The Consortium Canada, S. Korea THINK-TRUST Personalisation, Security, Accountability Vs Privacy & Human Values! The Consortium Composite Social Legal Technical Issue considerations

4 EU, US +++ Partnerships Understanding problems & technologies of common interest where synergy would be meaningful & add local (technological, legal, societal) depth? Web x.0, Persona/Data mgmt (technologies and approaches, storage, access, data transfer rights/jurisdiction), privacy,... Problems where the interconnected trans-national world of things (& attacks, impact, enforcement) behooves us to join forces where synergy is a no-brainer... Web x.0, interlinked infrastructures (& their protection), testbeds Can we jointly influence and leverage issues? Understanding the other sides priorities The mechanism Inco-Trust DEEDS Group

5 Thrust 1: Future Internet Design & its Security Mixed-mode, mobility, WSN - heterogeneity galore!!! Will need global inputs: Technical, implementation, + regulatory/legal involvement at varied levels/layers design & monitoring End user/device compatibilities? Architectural? Protocols? Multi-layered, federated security?... (PlanetLab-intl.) CyberThreats? (CyLab involvement) Reality: composition of internet is terribly diffuse with many many many international entities BUT this is also the critical and high impact co-operation area! Influence via international standards groups? DEEDS Group 5

6 Thrust 2: Global Persona Mgmt & Privacy Technological base: biometrics, crypto Usage facets: User-in-the loop privacy, confidentiality human/machine/device ID mgmt coverage: across enterprise lifecycle? partitioned (VM style) access with multiple personas? data storage, access rights across intl. data centers, intl. jurisdiction? repudiation, intl. liability rights? abuse? privacy: varied intl. legalities, varied social acceptability & conformance standards + regulation data level (mobile content? DRM?) intl. issues? DEEDS Group ISORC

7 Thrust 3: Infrastructure Protection App Level Users Businesses FI/Govt Impact Tech/Info Conduits Sys Level Public Custom UI Servers Telcos DB Servers Transactional & Data Confidentiality - Liability Driver Transactional & Data Integrity - Liability Driver Transactional & Data Availability - Usage Driver Operational Financial Confidence The Financial Infrastructure Protection (FIP) challenge is not just at a favorite (national) level or element(s) within the FI landscape, but the consolidated, coherent and consistent coverage of the overall environment the technological, usage and user elements on a global scale. DEEDS Group

8 WG1: Security, Dependability and Trust in the Future Internet What is our vision? Terms of Reference Scenarios for technological evolution Which TSD issues to address at generic level and which at application level? Security & trustworthiness of composite complex services Input from user perspective

9 WG1: Security, Dependability and Trust in the Future Internet Covering conceptual and implementation aspects across the spectrum of multi-layered network and services infrastructures Technological evolution and scalability Layering (polymorphic networks, physical, virtual, service, others ) Computing & communication paradigms (incl. protocols/middleware - functionality and monitoring) Emerging Threats Virtualization concepts Infrastructures and testbeds Across enabling technologies Core infrastructures, end users/devices,... Links with ETPs and FIA

10 WG2: Privacy and Trust in the Information Society What is our vision? Terms of Reference User centricity: User perspective: Social acceptability, usability, privacy, repudiation and liability issues Economic aspects: TSD as tradable service Trust and privacy aspects: convey problems and solutions E.g. short term & longer term scenarios that could make a difference

11 WG2: Privacy and Trust in the Information Society Covering conceptual, implementation and tradeoffs Human/machine/device ID (+ multiple persona) management Data collection, data storage, data access and data protection rights for businesses and consumers Usage facets: authentication, privacy, confidentiality Personal privacy versus societal and national needs Standards and regulatory issues Covering non-technical needs and concerns, from social and economic viewpoints (costs vs. benefits quantification), from the human and personal to the organisational and legal/governmental Across varied application domains and enabling technologies Biometrics, Crypto, Data/Identity Rights Management, Trusted Computing and Communication... Deployment case studies

12 Mapping WG Coverage Areas* of F5 Security Network infrastructures Identity management, privacy, trust policies Dynamic reconfigurable service architectures Critical Infrastructure Protection Underpinning technologies for trustworthy infrastructures * from EC F5 presentation

13 Related Topics raised during EU-US Workshops early identification and protection mechanisms for emerging global risks as the digital systems evolve permanently survey and identify the new possible attacks, the potential vulnerabilities due to complexity or just-in time services. look for new emerging risks, while being conscious of the incompleteness and the limitations of all these analyses. aspects related to attack distribution: information concerning possible attacks, who or what is responsible for the attack, the extent of the attack [1], information gathering; tracking and tracing for forensics to enable prosecution of cyber criminals; balancing technological challenges with legal aspects and privacy of individuals. [1] Taken from Infosec Research Council Hard Problems List - see doc

14 The Timeline & Mechanics of Inco-Trust Phase 0: Pre-Project EU-International Summit Series Workshops Phase 1: Understanding & connections of mutual beneficial interests Phase 2: Prioritization of mutual interests Platform for international collaboration & consensus building Input to the design of future research programs * Call Prioritizations * Intl. Project Formulations WS(EU 11 06) WS (US) 4 07 M9: (EU) M15: (US) M21: (JPN ) Final M27: (EU)

15 Next Steps 04 11/06 04/07 I-T: 1/08 NOW Q4/08 4/09 I-T WG WS-2 WS-1 Start Forma tions WS+1 ICT- TSD WP Call Please visit DEEDS Group